Debian: New iceweasel packages fix several vulnerabilities

    Date30 Mar 2008
    CategoryDebian
    3091
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1535-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    March 30, 2008                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : iceweasel
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
                     CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240
                     CVE-2008-1241
    
    Several remote vulnerabilities have been discovered in the Iceweasel
    web browser, an unbranded version of the Firefox browser. The Common
    Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2007-4879
    
        Peter Brodersen and Alexander Klink discovered that the
        autoselection of SSL client certificates could lead to users
        being tracked, resulting in a loss of privacy.
    
    CVE-2008-1233
    
        "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
        CVE-2007-5338 allow the execution of arbitrary code through
        XPCNativeWrapper.
    
    CVE-2008-1234
    
        "moz_bug_r_a4" discovered that insecure handling of event
        handlers could lead to cross-site scripting.
    
    CVE-2008-1235
      
        Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
        that incorrect principal handling can lead to cross-site
        scripting and the execution of arbitrary code.
    
    CVE-2008-1236
    
        Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
        Palmgren discovered crashes in the layout engine, which might
        allow the execution of arbitrary code.
    
    CVE-2008-1237
    
        "georgi", "tgirmann" and Igor Bukanov discovered crashes in the
        Javascript engine, which might allow the execution of arbitrary
        code.
    
    CVE-2008-1238
    
        Gregory Fleischer discovered that HTTP Referrer headers were
        handled incorrectly in combination with URLs containing Basic
        Authentication credentials with empty usernames, resulting
        in potential Cross-Site Request Forgery attacks.
    
    CVE-2008-1240
    
        Gregory Fleischer discovered that web content fetched through
        the jar: protocol can use Java to connect to arbitrary ports.
        This is only an issue in combination with the non-free Java
        plugin.
    
    CVE-2008-1241
    
        Chris Thomas discovered that background tabs could generate
        XUL popups overlaying the current tab, resulting in potential
        spoofing attacks.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.0.0.13-0etch1.
    
    The Mozilla products from the old stable distribution (sarge) are no
    longer supported.
    
    We recommend that you upgrade your iceweasel packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for amd64, arm, 386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1.diff.gz
        Size/MD5 checksum:   186301 53f3006d2e0e33c5c3b9b2e5455dceda
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1.dsc
        Size/MD5 checksum:     1289 4cae6173a998d828c2482342990d278a
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13.orig.tar.gz
        Size/MD5 checksum: 43550925 d9581b7ecfadc75faab6745b27f153fb
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.13-0etch1_all.deb
        Size/MD5 checksum:    54124 1c174b651e317df30e5fdeba88d0ec55
      http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.13-0etch1_all.deb
        Size/MD5 checksum:    54384 5edb0209f67852029483cbcba18f5c92
      http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.13-0etch1_all.deb
        Size/MD5 checksum:    54274 7b8c2847eccc00fe3fd8b867e9d71acf
      http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.13-0etch1_all.deb
        Size/MD5 checksum:    54242 92384349e31851e1b0119552cb07f44d
      http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.13-0etch1_all.deb
        Size/MD5 checksum:    54124 45d17d43f0b99aeb176375edd4c75d76
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.13-0etch1_all.deb
        Size/MD5 checksum:   239444 393dcf03f5b94cf95be68525b89492bf
      http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.13-0etch1_all.deb
        Size/MD5 checksum:    54914 6540e2954f40e3bc63bf74bc4fd8b674
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_amd64.deb
        Size/MD5 checksum: 10194518 754786f9c4fdc37b85cf89834e9cbdb5
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_amd64.deb
        Size/MD5 checksum: 50099150 ca0f49a7edcb77cbdd7cad9f6d0ea069
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_amd64.deb
        Size/MD5 checksum:    87670 338c9a70618805a6ffb822269101b044
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_arm.deb
        Size/MD5 checksum:  9243714 c57fc912cd587993569f30cca27ece6c
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_arm.deb
        Size/MD5 checksum: 49186638 1574200afef731f356faf15092f2721a
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_arm.deb
        Size/MD5 checksum:    81406 c80e04d7cb727b3cdb2144819bf7f028
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_i386.deb
        Size/MD5 checksum:    81770 8b584c2e16fc0eb7bd8c11d27a68f8e5
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_i386.deb
        Size/MD5 checksum:  9107570 8ac43d77b6449acbecd281b1e5f2e9ac
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_i386.deb
        Size/MD5 checksum: 49495882 81830f6ad26fa886669d90b887433e77
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_ia64.deb
        Size/MD5 checksum:    99988 d28403a679b81194e3f65e1b1cec1220
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_ia64.deb
        Size/MD5 checksum: 50453990 eb2fc53f839647fb1584012b126b661b
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_ia64.deb
        Size/MD5 checksum: 14130102 d8e18be59e8d5c800e606ae69708f124
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_mips.deb
        Size/MD5 checksum: 53881214 78264349841c07851ae9077e12506456
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_mips.deb
        Size/MD5 checksum: 11049744 2b030d2cfc9cc25127a83a27a3acb180
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_mips.deb
        Size/MD5 checksum:    82892 413e9bbb536e91cb9374bc7660034f43
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_mipsel.deb
        Size/MD5 checksum: 10750920 c4f9f270a9dc3bb9a4c7fb653672ca61
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_mipsel.deb
        Size/MD5 checksum: 52448404 2adcb659d1f1eacbe089e6ecf5c1a577
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_mipsel.deb
        Size/MD5 checksum:    82932 cf40c0bddc35bbcc0ad25bdd5b75cc70
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_powerpc.deb
        Size/MD5 checksum: 51896022 22d862ee8df86400f7cf1e92fcbe8299
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_powerpc.deb
        Size/MD5 checksum:    83486 3cfbd6d6e50cba5ee0f9f2a64c582bbb
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_powerpc.deb
        Size/MD5 checksum:  9925618 b0790a2eaa530ae0c14cf3e4e087c156
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_s390.deb
        Size/MD5 checksum:    87860 6cf8c562ea26ef6b4966990380d0dbaa
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_s390.deb
        Size/MD5 checksum: 10344926 36b3aa8464d05e8f62c7526df1edb90d
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_s390.deb
        Size/MD5 checksum: 50768124 95d62e4679469eda4932f22ef004e3e1
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_sparc.deb
        Size/MD5 checksum:    81614 4c1326aaae9821365b4baab2c692e5f0
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_sparc.deb
        Size/MD5 checksum:  9129464 dc5b96ef06e08ee830411f043ead9836
      http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_sparc.deb
        Size/MD5 checksum: 49108664 fee19c03f569025e398d02e1c63af3c4
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.